Cisco 10000 Series Router Control Plane Policing—Platform Enhancement


First Published: April, 2008

During a denial of service (DoS) attack, a high volume of traffic can be sent (punted) to the route processor (RP). To protect the RP, the Control Plane Policing (CoPP) feature and the platform-specific features divert-cause policer and To-RP queues work together to classify and rate-limit the packets punted to the RP. While these features provide a good method of protecting the RP from DoS attacks, they might impact the services of innocent users. The Control Plane Policing—Platform Enhancement feature addresses this issue of user fairness, providing you the ability to monitor malicious users so you can take action to drop or rate-limit the traffic at the user level.

In addition to the CoPP enhancements, Cisco IOS Release 12.2(33)SB also provides the following features and functions to enhance security:

Loose mode unicast reverse path forwarding (uRPF) for IPv4

Input classification using the match protocol arp command on all interface types that support the modular QoS CLI (MQC)

DHCP as a separate divert cause in the divert cause policer

For more information about uRPF, see the Unicast Reverse Path Forwarding feature module, Release 12.2(33)SB.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for CoPP—Platform Enhancement" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Information About Control Plane Policing—Platform Enhancement

Restrictions for CoPP—Platform Enhancement

Configuring the Rate and Burst Size of the Divert Cause Policer

Examples of Configuring the Rate and Burst Size of the Divert Cause Policer

Example of Handling an ARP Storm Attack

Verifying and Monitoring Packets Diverted to the RP

Verification Examples for Diverted Packets

Additional References

Command Reference

Feature Information for CoPP—Platform Enhancement

Information About Control Plane Policing—Platform Enhancement

The Control Plane Policing (CoPP)—Platform Enhancement feature enhances CoPP by providing the following functionality:

User-Level Punt Monitoring

Configurable Rate and Burst Size for the Divert Cause Policer

Drop Alarms for Packet Drops by the To-RP Queues and Divert Cause Policer

Cisco IOS Release 12.2(31)SB introduced the divert cause policer and reorganized the To-RP queues. The following sections review these concepts, which are basic to understanding the CoPP—Platform Enhancement feature:

Divert Cause Policer

Divert Causes

To-RP Queues

Divert Cause Policer

The divert cause policer is a set of policers that provide aggregated DoS protection by regulating the traffic sent (punted) to the route processor (RP) based on the traffic divert causes. The divert policer is a single-rate, two-color PXF policer that applies rate-limiting to punted traffic for each of the divert causes.

In releases prior to Cisco IOS Release 12.2(33)SB, the policer is statically set and you cannot change it.

Divert Causes

A divert cause is a PXF classification of the packets being punted to the RP. The divert cause enables the PXF to group punted traffic by packet type. Cisco supports over 80 packet types. Each divert cause has its own unique divert policer instance.

In Cisco IOS Release 12.2(33)SB, the router supports the following divert causes:

divert_all

encap

clns_isis

clns

cdp

cgmp

arp

rarp

mpls_ctl

keepalive

ppp_cntrl

fr_lmi

atm_ilmi

pppoeoa_disc

oam_f4

oam_f5_ete

oam_f5_seg

mlfr_lmi

mlfr_lpi

srp_topo

srp_ips

ip_version

ip_options

fib_glean

hscc

tfib_flag

tfib_ip_opt

mfib_224

mfib_igmp

bridge_pdu

mfib_assert

mfib_null_out

mfib_direct

mfib_join_spt

mfib_register

mfib_no_fast

mfib_local_mem

lacp_pdu

mfib_no_group

acl_log_ipc

pbr_arp

ipc_resp

netflow_ipc

pppoe_disc

atm_crl

fr_eek

ppp_keepalive

l2tp_cntrl

acl_punt

iedge_debug

iedge_punt

iedge_no_xlt

mpls_echo

mpls_ttl

mpls_vccv

mfib_host_mode

mfib_tun_frag

v6_src_link_local

v6_hop_opts

v6_glean

v6_icmp

v6_lng_ext_hdr

v6_mfib_assert

v6_mfib_null_out

v6_mfib_direct_src

v6_mfib_join_spt

v6_mfib_register

v6_mfib_no_fast

v6_mib_local_mem

v6_mfib_no_group

v6_mfib_tun_frag

v6_mfib_lnk_if_loc

v6_mfib_site_local

iedge_ips_fsol

v6_dst_mcast

v6_dst_linklocal

dhcp

fib_dest

fib_rp

fib_bcast

v6_rp_dest

v6_rp_punt

v6_mcst_rsvd

 

To display punted packets by the divert cause, use the show pxf cpu statistics diversion pxf command.

To-RP Queues

The router aggregates the punted traffic from all users, and uses CoPP and the divert cause policer in the PXF to process the traffic. The PXF places the punted packets in one of eight To-RP queues. The packets in the queue have different bandwidths and are subject to being dropped if the queue becomes congested, except for high priority packets.

The To-RP queues are static queues that segment diverted traffic, providing additional protection for the RP. The To-RP queues are organized into the following eight queues:

Layer 2 control

Layer 3 control

Access control lists (ACLs)

Netflow

IPC

Normal Layer 2

Normal Layer 3

Default

The PXF sends packets for each divert cause to one of the To-RP queues. The router uses weighted round robin to service the queues and provides more bandwidth and weight to the control queues. To see statistical information from the dequeue and drop counters, use the show pxf cpu queue command.

User-Level Punt Monitoring

One of the CoPP enhancements introduced in Cisco IOS Release 12.2(33)SB is user-level punt monitoring.

User-level punt monitoring enhances your ability to monitor users and traffic to prevent a denial of service (DoS) attack. Using this feature, you can monitor individual users and display statistical information about traffic that the parallel express forwarding (PXF) engine sends (punts) to the route processor (RP). This information allows you to see when a DoS attack occurs. You can then take action by dropping or rate-limiting the punted traffic.

In Cisco IOS Release 12.2(31)SB and later releases, you can address DoS attacks by classifying and rate-limiting the packets that the PXF engine punts to the RP for further processing. This protects the RP, but might impact the services of innocent users because this method drops all packets without differentiating between malicious users and innocent users. For example, when one or more users with malicious intentions flood the router with Layer 2 or Layer 3 control packets (for example ARP or DHCP packets), the PXF drops not only the packets of the malicious users, but also the packets of other users with the same protocol type. User-level punt monitoring addresses this issue of user fairness by allowing you to display information about the punted traffic of specific users.

In Cisco IOS Release 12.2(33)SB and later releases, user-level punt monitoring makes it possible to collect and display per-user statistical information about the packets punted to the RP. Using this feature, you can determine if a particular user has a high rate of punted packets, in which case you might choose to take action, such as rate-limiting the packets of that particular user. If the offending user is a PPP session, you might terminate the session and disable the user's ability to log in. In this way, you can limit the impact of malicious users on innocent user services.

User-level punt monitoring enables you to:

Monitor punted traffic at the per-user level to help you identify possible DoS attackers

Display the types of traffic from an inbound interface, subinterface, or session that the PXF punts to the RP

To determine a user's identity, the router monitors the Layer 2 header information of the control packets and the inbound interface, subinterface, or session. User-level punt monitoring for both Layer 2 and per-input interface is enabled by default.

User-level punt monitoring is available on the PRE2, PRE3, and PRE4.

Configurable Rate and Burst Size for the Divert Cause Policer

Another CoPP enhancement introduced in Cisco IOS Release 12.2(33)SB is the ability to configure the rate and burst size of the divert cause policer.

Cisco IOS Release 12.2(31)SB introduced the divert cause policer. However, in that release you cannot configure the rate and burst size.

In Cisco IOS Release 12.2(33)SB and later releases, you can configure the rate and burst size of the policer, using the platform c10k divert-policer command. The rate is specified in packets per second (pps) and the burst size in number of packets. The rate has an internal granularity of 125 pps, which means that the rate must be a multiple of 125. You may specify any rate desired; however, the router rounds the specified rate to a multiple of 125.

Drop Alarms for Packet Drops by the To-RP Queues and Divert Cause Policer

A final CoPP enhancement introduced in Cisco IOS Release 12.2(33)SB is the ability to send drop alarms for packet drops by the To-RP queues and divert cause policer.

To help you monitor possible DoS attacks, the router sends warning messages (alarms) to the console and the syslog log file to alert you when a change in drop activities occurs, such as packet drops due to congestion in the To-RP queues or due to aggregated traffic that violates the divert cause policer. The information these alarms provide depends on the condition that caused the drop alarm to occur.

Table 1 describes the kinds of information provided in the drop alarms.

Table 1 Information Provided in Drop Alarms

Condition                      Information Provided                                                   Basis of the Message
Divert cause police violation  Logging time; divert cause of the drop (due to police rate exceeded)  Per-divert cause based
To-RP queue drops              Time; queue name                                                       Per-queue based


The router displays an alarm similar to the following when a change in drop activities occurs for the divert cause policer. The alarm includes the name of the divert cause (for example, ARP or DHCP) that has a change in its drop status. In this example, arp is the divert cause experiencing dropped traffic. If no more drops occur for a period of 10 minutes, the router clears the alarms to avoid flooding the log file with messages.

00:01:06: %C10K_ALARM-6-COPP: DIV-POLICE arp drops asserted
00:02:10: %C10K_ALARM-6-COPP: DIV-POLICE arp drops de-asserted

The router displays an alarm similar to the following for To-RP queue dropped traffic. In this sample alarm, the RP queue experiencing the drops is the default queue. Anytime the To-RP queues have a change in drop status, the router raises an alarm. The alarms clear if no more drops occur for a period of 10 minutes.

00:03:06: %C10K_ALARM-6-COPP: TO-RP-Q default drops asserted
00:05:10: %C10K_ALARM-6-COPP: TO-RP-Q default drops de-asserted

The router periodically checks for divert cause police violations and To-RP queue drops, and logs only changed drop activities (for example, drops are present during this time period, but were not present in the previous period or no drops are present in this time period, but were present in the previous period). The router generates the alarms on the first status change from the last monitoring period to the current monitoring period. The corresponding drop counter changes from zero to a non-zero value or from a non-zero value to zero. Logging only changed activities avoids possible flooding of the log files.


Note You can use the Embedded Event Manager (EEM) to generate SNMP traps for the syslog messages.
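
The following Python example is added here and is not part of the Cisco documentation. It pairs the asserted and de-asserted alarms described above into drop episodes and reports which divert causes or To-RP queues are still dropping. The uptime-style timestamps follow the sample alarms; the sample log is constructed and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Alarm format as shown in the samples above, with uptime-style timestamps.
ALARM_RE = re.compile(
    r"^(?P<ts>\d+:\d{2}:\d{2}): %C10K_ALARM-6-COPP: "
    r"(?P<source>DIV-POLICE|TO-RP-Q) (?P<name>\S+) drops "
    r"(?P<state>asserted|de-asserted)$"
)

# Constructed sample log: alarm lines in the page's format plus one unrelated line.
SAMPLE_LOG = """\
00:01:06: %C10K_ALARM-6-COPP: DIV-POLICE arp drops asserted
00:01:30: %LINK-3-UPDOWN: Interface GigabitEthernet3/1/0, changed state to up
00:02:10: %C10K_ALARM-6-COPP: DIV-POLICE arp drops de-asserted
00:03:06: %C10K_ALARM-6-COPP: TO-RP-Q default drops asserted
00:04:00: %C10K_ALARM-6-COPP: DIV-POLICE dhcp drops asserted
00:05:10: %C10K_ALARM-6-COPP: TO-RP-Q default drops de-asserted
"""


class Episode(NamedTuple):
    source: str           # "DIV-POLICE" (divert cause policer) or "TO-RP-Q" (To-RP queue)
    name: str             # divert cause name or queue name
    start: Optional[int]  # uptime seconds; None if the assert predates the log
    end: int              # uptime seconds of the de-assert


def _uptime_seconds(ts: str) -> int:
    hours, minutes, seconds = (int(part) for part in ts.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def track_drop_alarms(lines):
    """Return (active, episodes).

    active maps (source, name) to the uptime second at which drops were
    asserted and not yet de-asserted; episodes lists closed drop periods.
    """
    active = {}
    episodes = []
    for line in lines:
        match = ALARM_RE.match(line.strip())
        if match is None:
            continue  # not a CoPP drop alarm
        key = (match["source"], match["name"])
        when = _uptime_seconds(match["ts"])
        if match["state"] == "asserted":
            # Keep the earliest assert if the same alarm is seen twice.
            active.setdefault(key, when)
        else:
            # A de-assert with no recorded assert means the log started mid-episode.
            episodes.append(Episode(key[0], key[1], active.pop(key, None), when))
    return active, episodes


if __name__ == "__main__":
    still_dropping, closed = track_drop_alarms(SAMPLE_LOG.splitlines())
    for (source, name), since in sorted(still_dropping.items()):
        print(f"ACTIVE  {source} {name} since uptime {since}s")
    for ep in closed:
        print(f"CLOSED  {ep.source} {ep.name} {ep.start}s -> {ep.end}s")
```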


Restrictions for CoPP—Platform Enhancement

The router does not support issuing the show pxf cpu statistics diversion top command in multiple Telnet sessions. If you do, erroneous output displays.

For broadband applications, when you issue the show pxf cpu statistics diversion top command on a router configured for multihop, the output of the command might display invalid user session information.

Configuring the Rate and Burst Size of the Divert Cause Policer

To configure the rate and burst size of the divert cause policer, use the following procedure.

SUMMARY STEPS

1. enable

2. configure terminal

3. platform c10k divert-policer divert-cause-name rate rate [burst burst-size]

DETAILED STEPS

Step 1

Command or Action: enable

Example:

Router> enable

Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2

Command or Action: configure terminal

Example:

Router# configure terminal

Purpose: Enters global configuration mode.

Step 3

Command or Action: platform c10k divert-policer divert-cause-name rate rate [burst burst-size]

Example:

Router(config)# platform c10k divert-policer arp rate 1250 burst 300

Purpose: Specifies the rate and burst size of the divert cause policer.

divert-cause-name is the name of the diversion cause for which you are enabling the policer.

rate rate is the police rate, expressed in packets per second (pps) and rounded to a multiple of 125. Valid values are from 0 to 8,191,874 pps.

Note The police rate has a granularity of 125 pps. If you specify a rate that is not a multiple of 125, the router rounds the rate down. If you specify a rate that is between 1 and 124 inclusive, the router uses a rate of 125 pps.

burst burst-size specifies the burst size, expressed in number of packets. Valid values are from 1 to 65,534 packets.

Examples of Configuring the Rate and Burst Size of the Divert Cause Policer

The following example shows how to configure the divert cause policer for the arp diversion cause with a police rate of 200 pps and a burst size of 100 packets:

Router# config terminal
Router(config)# platform c10k divert-policer arp rate 200 burst 100


Note The provisioned rate of 200 pps is rounded down to 125 pps by the router because the PXF can only handle rates that are a multiple of 125. If the input rate value is between 1 and 124, the policer uses the minimum value of 125 pps.


The following example also shows how to configure the rate and burst size of the divert cause policer. The example specifies the arp diversion cause, a police rate of 2000 pps, and a burst size of 500 packets:

Router# config terminal
Router(config)# platform c10k divert-policer arp rate 2000 burst 500
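
Because show running-config displays the rounded rate (200 pps becomes 125 pps), a plain text diff between an intended configuration and the running configuration reports false drift. The following Python example is added here and is not Cisco code: it applies the rounding rule and the documented value ranges before comparing. The function names and both sample configurations are constructed for illustration.

```python
import re

RATE_MAX = 8_191_874                 # documented upper bound for rate (pps)
BURST_MIN, BURST_MAX = 1, 65_534     # documented bounds for burst (packets)
GRANULARITY = 125                    # documented policer granularity (pps)

LINE_RE = re.compile(
    r"^\s*platform c10k divert-policer (?P<cause>\S+) rate (?P<rate>\d+)"
    r"(?: burst (?P<burst>\d+))?\s*$"
)

# Constructed samples: what an operator intends, and what the router reports.
INTENDED = """\
platform c10k divert-policer arp rate 200 burst 100
platform c10k divert-policer dhcp rate 2000 burst 500
platform c10k divert-policer cdp rate 60 burst 50
platform c10k divert-policer rarp rate 1000 burst 70000
"""
RUNNING = """\
platform c10k divert-policer arp rate 125 burst 100
platform c10k divert-policer dhcp rate 1000 burst 500
"""


def effective_rate(rate: int) -> int:
    """Rate the policer uses: rounded down to a multiple of 125, minimum 125 for 1-124."""
    if not 0 <= rate <= RATE_MAX:
        raise ValueError(f"rate {rate} outside 0..{RATE_MAX}")
    if 1 <= rate < GRANULARITY:
        return GRANULARITY
    return rate - rate % GRANULARITY


def parse_policers(config_text: str) -> dict:
    """Map divert cause name to (rate, burst); burst is None when omitted."""
    policers = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            burst = int(m["burst"]) if m["burst"] is not None else None
            policers[m["cause"]] = (int(m["rate"]), burst)
    return policers


def compare(intended_text: str, running_text: str) -> dict:
    """Classify each intended policer as match, drift, missing or invalid."""
    running = parse_policers(running_text)
    results = {}
    for cause, (rate, burst) in parse_policers(intended_text).items():
        burst_bad = burst is not None and not BURST_MIN <= burst <= BURST_MAX
        if rate > RATE_MAX or burst_bad:
            results[cause] = "invalid"
        elif cause not in running:
            results[cause] = "missing"
        else:
            have_rate, have_burst = running[cause]
            rate_ok = have_rate == effective_rate(rate)
            # An omitted intended burst is not compared: the page gives no default.
            burst_ok = burst is None or have_burst == burst
            results[cause] = "match" if rate_ok and burst_ok else "drift"
    return results


if __name__ == "__main__":
    for cause, status in compare(INTENDED, RUNNING).items():
        print(f"{cause:6} {status}")
```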

Example of Handling an ARP Storm Attack

The following example describes how the CoPP—Platform Enhancement feature can help you to handle an ARP storm attack:

1. A message similar to the following displays at the console or in the syslog log file:

00:01:06: %C10K_ALARM-6-COPP: DIV-POLICE arp drops asserted

2. You enter the show pxf cpu statistics diversion top 20 command to display the top 20 punters (interfaces, subinterfaces, and sessions) that divert or punt packets to the RP at the fastest rate. In this example, interface GigabitEthernet 3/1/0.1 is one of the top 20 punters.

3. You enter the show pxf cpu statistics diversion pxf interface command to determine who among the top punters (interfaces, subinterface, and sessions) is punting lots of ARP packets. In this example, VLAN interface GigabitEthernet 3/1/0.1 is punting the ARP packets.

4. You add a policy map or a new class to interface GigabitEthernet 3/1/0.1 to rate-limit the ARP packets. For example, the following sample configuration adds the traffic class named c_arp to police ARP packets at a rate of 8000 bps. The policy map named p_in is applied to interface GigabitEthernet 3/1/0.1.

class-map c_arp
 match protocol arp
!
policy-map p_in
 class c_arp
  police 8000
!
interface GigabitEthernet3/1/0.1
 service-policy input p_in
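
Steps 2 and 3 above can be scripted once the command output has been captured. The following Python example is added here and is not part of the Cisco documentation: it parses show pxf cpu statistics diversion top output in the two layouts this page's samples use and lists the punters above a chosen rate whose last diverted packet type is a given divert cause. The sample text is constructed from the values in those samples; the threshold and the function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

SECTION_RE = re.compile(r"^Top \d+ punters by (interface|layer 2 flow) are:", re.IGNORECASE)
# "20000 /0" and "10/0" both occur in the sample outputs, so spacing around "/" is optional.
ROW_RE = re.compile(r"^(?P<rate>\d+)\s+(?P<div>\d+)\s*/\s*(?P<drop>\d+)\s+(?P<rest>.+)$")
LAST_RE = re.compile(r"^Last diverted packet type is (\S+?)\.?$")

# Constructed sample: rows taken from the page's two sample outputs, merged into one capture.
SAMPLE_OUTPUT = (
    "Top 10 punters by interface are:\n"
    "\tRate(pps)\tPackets(diverted/dropped)\tvcci\tInterface\n"
    "\t18051\t20000 /0\t2525\tGigabitEthernet3/0/0.1\n"
    "\tLast diverted packet type is arp\n"
    "\t1\t10/0\t2606\tVirtual-Access2.1\n"
    "\tLast diverted packet type is none.\n"
    "\n"
    "Top 10 punters by layer 2 flow are:\n"
    "\tRate(pps)\tPackets(diverted/dropped)\tInterface\tLayer 2 info\n"
    "\t18053\t20000 /0\tGigabitEthernet3/0/0.1\t0009.b68d.9348/0x0806000108000604\n"
    "\tLast diverted packet type is arp\n"
    "\t1\t15/0\tATM2/0/3\tvpi 128/vci 4096/vcci 2591\n"
    "\tLast diverted packet type is oam_f4.\n"
)


@dataclass
class Punter:
    view: str                      # "interface" or "layer2"
    rate_pps: int
    diverted: int
    dropped: int
    interface: str
    vcci: Optional[int] = None     # interface view only
    l2_info: Optional[str] = None  # layer 2 flow view only; may contain spaces
    last_type: Optional[str] = None


def parse_top_punters(text: str) -> List[Punter]:
    punters: List[Punter] = []
    view = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            view = "interface" if section.group(1).lower() == "interface" else "layer2"
            continue
        last = LAST_RE.match(line)
        if last and punters:
            punters[-1].last_type = last.group(1)  # belongs to the row just above
            continue
        row = ROW_RE.match(line)
        if row is None or view is None:
            continue  # column headers, "... ..." elisions, blank lines
        common = (view, int(row["rate"]), int(row["div"]), int(row["drop"]))
        if view == "interface":
            tail = re.fullmatch(r"(\d+)\s+(\S+)", row["rest"])
            if tail:
                punters.append(Punter(*common, interface=tail.group(2), vcci=int(tail.group(1))))
        else:
            parts = row["rest"].split(None, 1)
            l2 = parts[1] if len(parts) > 1 else None
            punters.append(Punter(*common, interface=parts[0], l2_info=l2))
    return punters


def suspects(punters: List[Punter], min_rate_pps: int, cause: str) -> List[Punter]:
    """Punters at or above min_rate_pps whose last diverted type is cause, fastest first."""
    hits = [p for p in punters if p.rate_pps >= min_rate_pps and p.last_type == cause]
    return sorted(hits, key=lambda p: p.rate_pps, reverse=True)


if __name__ == "__main__":
    for p in suspects(parse_top_punters(SAMPLE_OUTPUT), min_rate_pps=1000, cause="arp"):
        where = p.l2_info or f"vcci {p.vcci}"
        print(f"{p.rate_pps} pps  {p.interface}  {where}  dropped={p.dropped}")
```

Capture the output from a single session: the restrictions above state that issuing this command in multiple Telnet sessions produces erroneous output.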

Verifying and Monitoring Packets Diverted to the RP

To verify and monitor packets diverted to the RP, use any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show pxf cpu statistics diversion

Displays statistical information about the packets received by the RP from the PXF. This command shows the number of packets the RP receives for each divert cause and the rate of the punted packets.

Note To see an accurate rate, execute this command multiple times, back-to-back.

Router# show pxf cpu statistics diversion pxf

Displays PXF CPU statistics for the packets the PXF diverted to the RP.

The output of this command was enhanced in Cisco IOS Release 12.2(33)SB to display the provisioned burst size for any divert causes.

Router# show pxf cpu statistics diversion pxf interface [interface | vcci-number]

Displays divert cause policer counters for the specified interface.

interface is the type and number of the interface on which the divert cause policer is configured (for example, GigabitEthernet 1/0/0.10).

vcci-number is the VCCI number of the interface.

Note The PXF collects the VCCI-based counts after the VCCI is created using the CLI. Therefore, the divert packet numbers displayed by this command only represent the counts during the polling period.

Router# show pxf cpu statistics diversion top [number]

Displays the top punters (interfaces, subinterfaces, and sessions) who are punting the most packets to the RP. The output displays the top punters by interface and by Layer 2 flow.

number is the number of top punters to display. Valid values are from 1 to 100.

Note If there are fewer punters than you specify, the router displays the interfaces, subinterfaces, and sessions that are currently punting traffic.

Router# show running-config

Displays the current router configuration in the running-configuration file.


Verification Examples for Diverted Packets

The following example shows sample output from the show pxf cpu statistics diversion command. This example displays the number of packets punted to the RP for each diversion cause and the rate of the packets when the RP received them.

Router# show pxf cpu statistics diversion

Diversion Cause 	Packet	Rate (pps)
divert_all           = 0           0          
encap                = 0           0          
clns_isis            = 0           0          
clns                 = 0           0          
cdp                  = 0           0          
cgmp                 = 0           0          
arp                  = 46          0          
rarp                 = 0           0          
mpls_ctl             = 0           0          
keepalive            = 0           0          
ppp_cntrl            = 0           0          
fr_lmi               = 0           0          
atm_ilmi             = 0           0 

The following example shows sample output from the show pxf cpu statistics diversion pxf command. This example displays PXF CPU data and statistics for the packets the PXF diverted to the RP.

Router# show pxf cpu statistics diversion pxf

PXF Divert Policer data and stats (in pps):

	Diverted	Dropped	Max Rate	Burst	Class Name
Diversion Cause	packet	byte	packet	byte			
divert_all	=	0	0	0	0	-	-	default
encap	=	0	0	0	0	250	1000	default
clns_isis	=	0	0	0	0	5000	1000	l3_ctrl
clns	=	0	0	0	0	5000	1000	l3
cdp	=	0	0	0	0	1000	3000	l2
cgmp	=	0	0	0	0	1000	1000	l2ctrl
arp	=	1	70	0	0	125	100	l2_ctrl
rarp	=	0	0	0	0	1000	500	l2
mpls_ctl	=	0	0	0	0	1000	500	l3_ctrl
keepalive	=	0	0	0	0	10000	5000	l2_ctrl

The following example shows sample output from the show pxf cpu statistics diversion pxf interface command. The example displays divert cause policer counts for Gigabit Ethernet interface 3/1/0.

Router# show pxf cpu statistics diversion pxf interface gigabitethernet3/1/0

Divert counts for GigabitEthernet3/1/0:

	Diverted	Dropped
Diversion Cause	packet	byte	packet	byte
divert_all	=	0	0	0	0
encap	=	0	0	0	0
clns_isis	=	0	0	0	0
clns	=	0	0	0	0
cdp	=	0	0	0	0
cgmp	=	0	0	0	0
arp	=	998	95808	0	0


Note The information displayed for this command is similar to the information displayed at the aggregated level.


The following example shows sample output from the show pxf cpu statistics diversion top command. This example displays the top 10 punters.

Router# show pxf cpu statistics diversion top 10

Top 10 punters by interface are:
	Rate(pps)	Packets(diverted/dropped)	vcci	Interface
	18051	20000 /0	2525	GigabitEthernet3/0/0.1
	Last diverted packet type is arp
  ... ...

Top 10 punters by layer 2 flow are:
	Rate(pps)	Packets(diverted/dropped)	Interface	Layer 2 info
	18053	20000 /0	GigabitEthernet3/0/0.1	0009.b68d.9348/0x0806000108000604
	Last diverted packet type is arp

Note If there are fewer punters than you specify, the router displays the interfaces, subinterfaces, and sessions that are currently punting traffic.


The following example shows sample output from the show running-config command. The sample output displays the divert cause policer configured for the arp diversion cause. The policer rate, originally provisioned at 200 pps, is rounded down to 125 pps because the PXF can only handle rates that are multiples of 125.

Router# show running-config
Building configuration...

... ...
platform c10k divert-policer arp rate 125 burst 100

... ...

Additional References

The following sections provide references related to the Control Plane Policing—Platform Enhancement feature.

Related Documents

Related Topic
Document Title

Control Plane Policing

Control Plane Policing, Release 12.2SB

show Commands

Cisco IOS Command Reference, Release 12.2SB

DoS Attacks

Cisco 10000 Series Router Software Configuration Guide

Protecting the Router from DoS Attacks


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.



Command Reference

This section documents new and modified commands for the Control Plane Policing—Platform Enhancement feature.

For information about these and all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup.

platform c10k divert-policer

show pxf cpu statistics

platform c10k divert-policer

To set the rate and burst size of the divert-policer on a Cisco 10000 series router, use the platform c10k divert-policer command in global configuration mode. To disable the divert-policer for the specified divert-cause, use the no form of this command.

platform c10k divert-policer divert-cause-name rate rate [burst burst-size]

no platform c10k divert-policer divert-cause-name rate rate [burst burst-size]

Syntax Description

divert-cause-name

Name of the diversion cause for which you are enabling the policer.

rate rate

Specifies the police rate, expressed in packets per second (pps) and rounded to a multiple of 125. Valid values for rate are from 0 to 8,191,874 pps.

burst burst-size

Specifies the burst size, expressed in number of packets. Valid values for burst-size are from 1 to 65,534 packets.


Command Default

Enabled

Command Modes

Global configuration (config)#

Command History

Release
Modification

12.2(33)SB

This command was introduced on the Cisco 10000 series router for the PRE2, PRE3, and PRE4.


Usage Guidelines

The police rate has a granularity of 125 pps. If you specify a rate that is not a multiple of 125, the router rounds the rate down. If you specify a rate that is between 1 and 124 inclusive, the policer uses a rate of 125 pps.

Examples

The following example shows how to configure the divert-policer for the arp diversion cause with a police rate of 200 pps and a burst size of 100 packets:

Router# config terminal
Router(config)# platform c10k divert-policer arp rate 200 burst 100

Note The specified police rate of 200 pps is not a multiple of 125; therefore, the policer rounds the rate down to 125 pps.


Related Commands

Command
Description

show pxf cpu statistics diversion pxf interface

Displays PXF statistical information about the divert-cause policer for a specific interface or VCCI.

show pxf cpu statistics diversion top

Displays PXF statistical information about the top specified number of punted packets.


show pxf cpu statistics

To display parallel express forwarding (PXF) CPU statistics or to display statistical information about the divert cause policer on a specific interface or VCCI, use the show pxf cpu statistics command in privileged EXEC mode.

show pxf cpu statistics [atom | backwalk | clear | drop [interface | vcci] | ip | ipv6 | l2tp | mlp | qos [interface] | queue | rx [vcci] | security]

Cisco 10000 Series Router

show pxf cpu statistics diversion [pxf [interface {interface | vcci}] | top number]

Syntax Description

atom

(Optional) Displays Any Transport over MPLS (AToM) statistics.

backwalk

(Optional) Displays backwalk requests statistics.

clear

(Optional) Clears PXF CPU statistics.

pxf

(Optional) Displays packets that the PXF diverted to the Route Processor (RP). Available on the Cisco 10000 series router only.

pxf interface interface

(Optional) Displays per-interface PXF statistical information for the divert cause policer on a particular interface. Available on the Cisco 10000 series router only.

pxf interface vcci

(Optional) Displays per-VCCI PXF statistical information for the divert cause policer on a particular Virtual Circuit Connection Identifier (VCCI). Available on the Cisco 10000 series router only.

top number

(Optional) Displays PXF statistical information for the number of top punters you specify. Available on the Cisco 10000 series router only. Valid values are from 1 to 100.

drop [interface | vcci]

(Optional) Displays packets dropped by the PXF for the specified interface or VCCI.

ip

(Optional) Displays IP statistics.

ipv6

(Optional) Displays IPv6 statistics.

l2tp

(Optional) Displays packet statistics for an L2TP Access Concentrator (LAC) and L2TP Network Server (LNS).

mlp

(Optional) Displays multilink PPP (MLP) statistics.

qos [interface]

(Optional) Displays match statistics for a service policy on an interface.

queue

(Optional) Displays queueing counters for all interfaces.

rx [vcci]

(Optional) Displays receive statistics for a VCCI.

security

(Optional) Displays ACL matching statistics.


Command Default

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(7)XI1

This command was integrated into Cisco IOS Release 12.3(7)XI1.

12.2(28)SB

This command was introduced on the Cisco 10000 series router and integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SB

This command was enhanced to display per-interface or per-VCCI PXF statistical information for the divert cause policer on a particular interface or VCCI, to display the top punters on an interface, and to display the provisioned burst size for any divert causes. These enhancements were implemented on the Cisco 10000 series router for the PRE2, PRE3, and PRE4.


Usage Guidelines

Cisco 10000 Series Router Usage Guidelines

The show pxf cpu statistics diversion command displays statistical information about diverted packets. Divert causes with the string "ipv6..." display as "v6..." in the output of all show pxf cpu statistics diversion commands.

The output from the show pxf cpu statistics diversion pxf command was enhanced in Cisco IOS Release 12.2(33)SB to display the provisioned burst size for any divert causes.

The show pxf cpu statistics diversion pxf interface interface command displays statistical information about the divert cause policer on a specific interface. The output of this command is similar to the output displayed at the aggregated level. This command enables you to see the traffic types being punted from an inbound interface, subinterface, and session.

The show pxf cpu statistics diversion pxf interface vcci command displays statistical information about the divert cause policer on a specific VCCI. The output of this command is similar to the output displayed at the aggregated level. This command enables you to see the traffic types being punted from an inbound interface, subinterface, and session.

The show pxf cpu statistics diversion top number command displays the interfaces, subinterfaces, and sessions with the highest number of punted packets.

Examples

The following example displays PXF L2TP packet statistics.


Note For L2TP Access Concentrator (LAC) operation, all statistics are applicable. For L2TP Network Server (LNS) operation, only the PPP Control Packets, PPP Data Packets, and PPP Station Packets statistics are meaningful.


Router# show pxf cpu statistics l2tp

LAC Switching Global Debug Statistics:
    PPP Packets           51648
    PPP Control Packets   51647
    PPP Data Packets      1
    Not IPv4 Packets      1
    IP Short Hdr Packets  1
    IP Valid Packets      0
    IP Invalid Packets    1
    DF Cleared Packets    0
    Path MTU Packets      0
    No Path MTU Packets   0
    Within PMTU Packets   0
    Fraggable Packets     0
    PMTU Pass Packets     0
    PMTU Fail Packets     0
    Encapped Packets      51648

L2TP Classification Global Debug Statistics:
    LAC or Multihop Packets  151341
    Multihop Packets         0
    PPP Control Packets      51650
    PPP Data Packets         99691
    PPP Station Packets      151341

The following example displays match statistics for the police_test policy on an ATM interface. The Classmap Index differentiates classes within a policy while the Match Number differentiates match statements within a class.

Router# show pxf cpu statistics qos atm 6/0/0.81801

               Classmap          Match         Pkts          Bytes     
                Index            Number      Matched        Matched   
             ------------      -----------  ------------   ----------
 police_test (Output) service-policy : 
         police_class    (0)       0            0             0       
                                   1            0             0       
                                   2            0             0       
                                   3            0             0       

         class-default   (1)       0            0             0       

Cisco 10000 Series Router

The following example displays the top 10 packet types diverted to the RP. The output displays the top punters by interface and by Layer 2 packet flow.

Router# show pxf cpu statistics diversion top 10
Top 10 punters by interface are:
Rate (pps)	Packets (diverted/dropped)	vcci	Interface
	1	10/0	2606	Virtual-Access2.1
	Last diverted packet type is none.

Top 10 punters by Layer 2 flow are:
Rate (pps)	Packets (diverted/dropped)	Interface	Layer 2 info
	1	15/0	ATM2/0/3	vpi 128/vci 4096/vcci 2591
	Last diverted packet type is oam_f4.
	1	15/0	ATM2/0/3	vpi 128/vci 4096/vcci 2593
	Last diverted packet type is oam_f4.

Related Commands

Command
Description

platform c10k divert-policer

Configures the rate and burst size of the divert-policer.


Feature Information for CoPP—Platform Enhancement

Table 2 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 2 Feature Information for Control Plane Policing—Platform Enhancement 

Feature Name
Releases
Feature Information

Control Plane Policing—Platform Enhancement

12.2(33)SB

This feature provides the following CoPP enhancements: user-level punt monitoring, configurable rate and burst size for the divert cause policer, and drop alarms for packet drops by the To-RP queues and the divert cause policer. This feature also adds DHCP as a divert cause.

In 12.2(33)SB, this feature was introduced on the Cisco 10000 series router for the PRE2, PRE3, and PRE4.

The following commands were introduced or modified: platform c10k divert-policer, show pxf cpu statistics diversion, show pxf cpu statistics diversion pxf interface, show pxf cpu statistics diversion top.

The output of the following command was modified: show pxf cpu statistics pxf